How mature is your security? Benchmark your organization and see where you stand. Take the assessment now

Buy nowContact usSupportCommunity
EnglishEspañolItalianoFrançaisDeutschPortuguês
Data Security
Al GovernanceData Security Posture ManagementData Access GovernanceData Loss PreventionData Discovery & Classification
Identity Security
Identity Threat Detection & ResponseIdentity Governance & AdministrationIdentity Security Posture ManagementPrivileged Access ManagementDirectory Security

The future of data security

The Netwrix 1Secure™ Platform

Explore
Solutions
Featured Use Cases See all use cases
Active Directory SecurityNon Human Identity DefenseM365 Copilot ReadinessOn-Premise DeploymentIdentity Risk Detection & AnalysisManaged Service ProvidersMergers, Acquisitions, & DivestituresRegulatory ComplianceMicrosoft 365 SecurityZero TrustAD Certificate Services SecurityShadow AI Security
Featured Products See all products
Netwrix AuditorNetwrix Access AnalyzerNetwrix PingCastleNetwrix Endpoint ProtectorNetwrix Privilege SecureNetwrix Identity Manager

Self-service checkout available to organizations with up to 150 employees

Get started in minutes

Buy now
Netwrix AI Environments we protect Integrations MSPs Active Directory Security Risks Compliance Buy Now Pricing
Resource Center See All
BlogAttack CatalogComplianceCustomer StoriesCybersecurity FrameworksCybersecurity GlossaryEventsFreewareGuidesIdeas PortalNewsPodcastsPublicationsProduct AnnouncementsResearchWebinars
Asset not found

Featured Customer Story

DXC Technology Enables Customers to Achieve PCI DSS Compliance and Focus on Strategic Initiatives
Partners
Partner ProgramBecome a PartnerMSPsPartner LocatorWebinarsMicrosoft Alliance
Asset not found

Featured Customer Story

AppRiver Enhances Control over Active Directory While Significantly Reducing Auditing Time
Asset not found

Featured Customer Story

MSP Helps Client Recover from Ransomware in 6 Hours
Why Netwrix
About UsLeadershipNetwrix AICustomer StoriesRecognitionNewsCareers
Asset not found

Featured Customer Story

Horizon Leisure Centres Accelerates Data Classification to Comply with GDPR and Saves £80,000 Annually
Asset not found

Featured Customer Story

Samsung R&D Institute Secures Data with Cross-Platform Use and Fast macOS Deployment Using Netwrix Endpoint Protector

Netwrix Change Tracker

File integrity monitoring across every system you run

Detect unauthorized changes to files, registry keys, and configurations in real time. Separate planned work from real threats. Walk into every audit with a complete record of what changed, when, and by whom.

Read their Stories

Trusted by

A black background with a few white lines on it
The seal of the united states marine corps is black and white
A black and white logo for the us department of veterans affairs
Asset Not Found
A black and white logo for banque prive
A black and white sasc logo on a black background
A black and white samsung logo on a black background
The word rxr is written in black on a black background
The seal of the commonwealth of pennsylvania office of attorney general
The nevada dot logo is black and white on a black background
A black and white logo for landspitali with a cross in the center
A black and white logo for lake michigan credit union
A black and white logo for king s hawaiian
A black and white logo for johnson county kansas
A black and white logo for jetblue airways
A black background with a few white lines on it
A black and white logo for ingerop on a black background
A black and white ibm logo on a black background
A black and white logo for hull college
A black and white logo for henry county hospital
A black and white logo for enterprise bank and trust
A black and white logo for eastern carver county schools
A group infrastructure platform logo on a black background
A black and white logo for b berry college
The aspire pharma logo is black and white on a black background
A gray arrow pointing to the right on a black background
Asset Not Found
Asset Not Found
Asset Not Found
A black background with a few white lines on it
The word cape cod is on a black background
Asset Not Found
Asset Not Found
A circle with the words city of las vegas on it
A black and white seal of the city of tampa florida with a sailboat in the center
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
Asset Not Found
A white logo on a black background
Asset Not Found
A black background with a few white lines on it
A black background with a few white lines on it
Asset Not Found
A black background with a few white lines on it
Asset Not Found
A black background with a few white lines on it
Asset Not Found
Asset Not Found
The letter d is white on a black background
Asset Not Found
A black and white logo for uber freight on a black background
Asset Not Found
Asset Not Found
A black background with a few white lines on it
A black background with the word ucla in white letters
Asset Not Found
A black background with a few white lines on it
A black background with a few white lines on it

Native logs tell you a file changed. They don't tell you if it mattered.

Every server, workstation, database, and network device generates thousands of file and configuration changes a day. Most are routine — patches, updates, scheduled jobs. A handful aren't. The difference between an audit finding and a breach is whether you can spot the unauthorized change in time, attribute it to a user, and prove the rest of the system is still in a known-good state.

From baseline to alert to audit evidence

Netwrix Change Tracker turns file integrity monitoring into a full audit trail.

See every unauthorized change as it happens

Continuous monitoring and file integrity validation

Netwrix Change Tracker continuously validates changes against approved baselines using file integrity monitoring (FIM). This keeps your configurations hardened, compliant, and aligned with industry standards. A scheduled scan tells you the state of a system at scan time. Change Tracker tells you what happened between scans. Watch every file, registry key, service, port, and account a CIS Benchmark cares about, in real time. Reconcile every change against approved work in your ITSM. Flag everything else as Unplanned, the way it shows in the events feed above.

Capture Windows changes in real time via a signed minifilter driver registered with the Microsoft Filter Manager at altitude 388790. Logs I/O without locking files or modifying requests. No reboot required to enable.

Capture Linux changes in real time via Sysdig for who-made-the-change attribution. AIX uses the native AIX Event Infrastructure (ahafs).

Hash files with SHA-256 by default. MD5, SHA-1, SHA-384, and SHA-512 also available.

Reconcile approved changes from ServiceNow, BMC Remedy, Cherwell, ManageEngine, OpenText SMAX, SunView, and Samanage automatically so they don't generate noise. Surface everything else as Unplanned, with the device, the file or setting that changed, the timestamp, and the user account that made the change.

What it takes to stand it up

Hub server

  • Windows Server 2019, 2022, or 2025
  • Small install (~100 devices): 4 cores, 8 GB RAM, 500 GB disk
  • Large install (~1,000 devices): 16 cores, 32 GB RAM, 5 TB disk
  • MongoDB 5.x-8.x (bundle the Community Edition or bring your own, including Enterprise or a clustered deployment)
  • IIS 10, .NET 8 hosting bundle
  • Add Redis above 1,500 devices or for clustered Hub installs

Agent footprint

  • Gen 7 Agent on Windows: no dependencies
  • Gen 7 Agent on Linux: needs libicu, Sysdig optional for who-made-the-change attribution
  • Express Agent: single binary under 10 MB, zero dependencies. Runs on AIX, Solaris, HP-UX, legacy Unix, plus 32-bit and s390x architectures on request
  • Steady-state Windows agent overhead: 0-4% CPU, well under 1 KB/sec network
  • Agents talk to the Hub one-way over HTTPS (port 443 by default, configurable)

Fits the stack you already have

ServiceNow

Sync two ways. Pull Change Requests in as Planned Changes and reconcile approved work against detected events automatically. Discover devices from the ServiceNow CMDB and register them without manual setup. Raise ServiceNow incidents the moment an unplanned change is detected. Same workflow supports BMC Remedy, Cherwell, ManageEngine ServiceDesk Plus, Samanage, SunView ChangeGear, and OpenText SMAX.

Splunk

Pull logs as change events via a configurable SPL query. Turn anything Splunk can see — custom applications, unsupported devices, third-party platforms — into a tracked change event with device, user, and timestamp attribution.

SIEM

Forward every event as syslog in CEF format to Splunk, QRadar, Sentinel, or any SIEM that accepts syslog. Switch between UTC and local time.

Netwrix Auditor

Push events into Auditor's search and reporting. Combine FIM and CIS audit data with Auditor's native AD, file server, and identity event data for unified investigation.

"The most beneficial feature of Change Tracker is the CIS hardening and the monitoring part of that. That is something we have started to adopt recently, and we are taking it a lot more seriously. Tracking the CIS templates is something we really like about the product. We want to improve our system hardening and our security posture."

Behzaad Ghouse, Security Administrator

JD Wetherspoon
Netwrix Change Tracker

See it catch a real change

Walk through a live FIM scan, watch an unauthorized change get flagged, and see the audit-ready output. Five minutes, no install.

Launch in-browser demo
A purple netwrix logo on a black background
Privacy PolicyEU Privacy PolicyEULA